VBF-Operational Technology Cybersecurity – KPMG – Nov 03, 2022 – The Executive Health & Safety Council of BC

At today’s Virtual Breakfast meeting we were joined by Eric Berg Partner, Cyber Security & Owen Key, Director, Cyber Security & National Lead for IOT Cybersecurity, both from KPMG. Eric and Owen presented on a very thought provoking topic: Operational Technology Cyber Security.

Eric shared a very interesting statistic, where the average cost of an Operational Technology cyber attack costs $3million. Results of these cyber attacks include catastrophic failure or major disruptions to facilities, impacting health and safety of workers and the public, damaging the organization’s reputation and causing severe financial implications. Eric and Owen shared that the biggest risk of breaching security is email, but also are insider threats: a former, disgruntled employee, or workers being paid off to compromise their internal accounts (those individuals having access to the confidential information).

Executives/Directors role in enabling cyber security:

Understand – have a clear view of key cyber risks and issues facing the business, and organizations’ ability to safeguard against threats.

Guide – support management in their cyber risk, management activities and enable alignment with the overall business strategy.

Act – take action to build a strong culture of cyber security, champion cyber training and provide corporate cyber governance.

Ask the right questions of your organization:

Prevent – do you have a cyber program that aligns with your unique business needs, and protects your “crown jewels”? How are you balancing cyber risks with other compliance priorities?

Improve – how are you building security into your business so that it is seamless for your users? Have you considered how you can improve existing programs and processes?

Detect – how confident are you that threats will be detected, and incidents managed effectively? Do you have enough visibility and an understanding of changing risks?

Respond – What would you do if you were hit with a cyber attack – do you feel confident in your current processes? Is your business cyber resilient? Can it sustain itself through a major cyber attack?

A big thanks to Eric and Owen for shedding some light on this provocative topic.

A reminder of our next VBF, on Thursday, November 17^th, with a presentation by WorkSafe BC.